Some Merchant Processors require periodic PCI scanning and compliance with PCI standards. In some cases, Merchants will charge you extra fees if your scan isn't complete or reports you're non-compliant. Generally, PCI scanning is recommended, however, it is not required, nor will Print Reach invoke any type of fee if it's not complete.
At Print Reach, we reduce your risk factors by having your systems store Credit Card Tokens and not Credit Card numbers. These tokens are like a password that only allows you to process transactions and they must be verified by our secure servers. This removes the risk associated with your data and systems and does not put the Credit Cards at risk.
If you are curious to understand what PCI standards apply to your business you can read more in-depth information in the link below. This article gives you a Self-Assessment Questionnaire depending on the services you offer to better understand your needs. You should review all of your services to find the correct questionnaire and typically we find most merchants fall under PCI SAQ C.: https://www.securitymetrics.com/blog/pci-standards-which-pci-saq-right-my-business
According to the PCI DSS, “Tokenization solutions do not eliminate the need to maintain and validate PCI DSS compliance, but they may simplify validation efforts by reducing the number of systems for which PCI requirements apply."
It is true that the elements of the tokenization system are part of the cardholder data environment and therefore in scope for PCI requirements. Thankfully those systems are handled by Print Reach and Fullsteam which means those systems are out of scope for the business taking the payments. (Your Business). Our tokenization system is approved through the PCI SSC and we protect our tokenization systems and processes with strong security measures.
With that said If you find that you are in need of PCI compliance scanning then Print Reach has a PCI Partner called Security Metrics. If this is something you need please send a support ticket to Print Reach and we will request a new account for you through our support team.
This process involves working directly with Security Metrics to answer a questionnaire. Merchants will need to fill out a new questionnaire, they can't be transferred. During the setup of Security Metrics, the Merchant will need to provide their Public IP address(s).
Once set up, the scan will automatically happen quarterly and send email results.
If any help is needed filling out the questionnaire, you can contact Security Metrics support team: 801-705-5700